forked from jenkinsci/trilead-ssh2
-
Notifications
You must be signed in to change notification settings - Fork 0
/
HISTORY.txt
377 lines (243 loc) · 17.1 KB
/
HISTORY.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
Release Notes:
==============
trilead-ssh2-build-217-jenkins-16, 2019-03-31:
- [JENKINS-55352] update net.i2p.crypto:eddsa to 0.3.0
- Connection timeout handler not cancelled when an exception occurs during a connection attempt. If the Connection instance is reused for further attempts, this can lead to the disconnection of an active connection.
- [JENKINS-56821] Eliminating hot lock from `TimeoutService`
trilead-ssh2-build-217-jenkins-14, 2018-10-18:
- fix warnings and errors in javadoc
- [JENKINS-53651] wait for a timeout time if the packets have 0 size
- Support OpenSSH keys with AES256-CTR encryption
- [JENKINS-53645] move a class from ssh-slaves, fix tests
- update java to 8, a new test, and some javadoc
- [JENKINS-47458] - Check for null in Connection#getReasonClosedCause()
- [JENKINS-47603] Just print the SCP response code under failure
build217, 2013-06-03:
- Support for SSH agent based authentication.
build216, 2013-03-04:
- Support of unencrypted entries in the known_hosts file.
- Improved timeout handling.
build214, 2011-04-25:
- Project build procedure uses Gradle; project artifacts from now on
are available at TMate Software Maven repository at http://maven.tmatesoft.com/
build213, 2008-04-01:
- Added a workaround for servers that violate RFC4253 when sending the
SSH_MSG_SERVICE_ACCEPT and the SSH_MSG_KEXDH_REPLY messages.
Thanks to Gordon Brockway.
- Fixed encodings for alien platforms (e.g., EBCDIC based). Use "ISO-8859-1" in
most places where we used the default platform encoding so far.
- API change: atime and mtime attributes in SFTPv3FileAttributes are now
of type Long (not Integer). Makes it easier to properly handle values > 2^31.
- Fixed the blowfish-ctr cipher, it could not be instantiated (a typo that
got in during the move to the trilead namespace). Thanks to Roelof Kemp.
- Still in the queue: SSH server support.
build212, 2008-03-03:
- Added possibility to enable debugging output without recompiling the library.
See the Connection.enableDebugging(...) method and the DebugLogger interface.
- Added Connection.ping() and Session.ping() methods to perform end-to-end
connection/session testing. Initial code supplied by Alexander Kitaev. Thanks!
- Some buggy SFTP servers send too big packets when we instruct them to read
directory entries. Therefore, increased the packet size limit for answers
to the SSH_FXP_READDIR request. Thanks to Ross Perry.
- Coming soon: SSH server support.
build211, 2007-10-28:
- The library is now called "Trilead SSH-2 for Java".
It is still maintained by Christian Plattner (co-founder of Trilead).
- The package has been moved to "com.trilead.ssh2". Therefore, please make sure
that you use "import com.trilead.ssh2.*" in your Java source files.
Otherwise, the library is completely backwards compatible.
- If you have questions, then please consult our new forum at http://www.trilead.com/support.
- Added Connection.sendIgnorePacket(...) methods which allow to send SSH_MSG_IGNORE packets.
Thanks to Andrei Tchijov.
- Added support for the "none" authentication method.
- Revised the SHA-1 code. Highly optimized. Speed should be more than doubled.
- Changed references to the correct RFCs (instead of the drafts) in the javadocs (where possible).
- Fixed the write() method in the SFTP code. Unsatisfiable preconditions stopped the method
from writing any bytes. As stated in the documentation, the SFTP code is still experimental.
Thanks to Andreas Pueschel.
- The "softwareversion" token for the SSH protocol version exchange has been changed
to "TrileadSSH2Java_XXX", where XXX is the build number.
- Added a new createLocalPortForwarder(InetSocketAddress addr, ...) method which allows to
specify the local address and port to bind to. Thanks to Andrei Tchijov.
- Slightly updated the FAQ.
build210, 2006-10-06:
- Added HTTP proxy support. See Connection.setProxyData() and the HTTPProxyData class.
Thanks to Jean-Pierre Schmit for providing example code.
- Added basic support for SFTP (v3).
- Beta users: removed support for automatic split of huge read transfers in SFTP,
as it was not possible to return EOF in a clean way. The write method still splits huge
transfers (in blocks of 32768 bytes). Thanks to Zhong Li.
- SCP enhancement. It is now possible to specify an empty target directory name when sending
files. This is analogous to using "scp file user@host:" (thanks to Bernd Eggink).
- SCP enhancement. It is now possible to receive a remote file and pipe it directly into
an OutputStream. Thanks to Bernd Eggink.
- SCP enhancement. It is now possible to specify a different remote filename when sending
a file. Thanks to Thomas Tatzel.
- Added more verbose error messages in case a channel open operation fails (e.g., resource
shortage on the server). Related to this, added a comment to the FAQ regarding the limitation
on the number of concurrent sessions per connection in OpenSSH. Thanks to Ron Warshawsky.
- Added a feature (ConnectionMonitor) to get notified when a connection breaks.
Thanks to Daniel Ritz (Alcatel).
- It is now possible to override the used SecureRandom instance (Connection.setSecureRandom()).
- Added getters for the server's hostname and port to the Connection class.
- Added examples for HTTP proxy usage as well as local/remote port forwarding.
- Added support for SSH_MSG_KEX_DH_GEX_REQUEST_OLD in the DHGexParameters class (there
is a new, additional constructor). Please check the Javadoc for DHGexParameters.
- Clarified in the javadoc the issue of re-using Connection objects. Changed the exception
message in case connect() is invoked on an already connected connection.
- Added an entry to the FAQ regarding pumping data into remote files.
Thanks to Daniel Schwager.
- Changed JDialog.show() to JDialog.setVisible(true) in the SwingShell example.
The show() method is deprecated in Java 5.0. Thanks to Carlo Dapor.
- Fixed the behavior of the local port forwarder code. Trying to listen on an already bound port
will not fail silently anymore. Also, the accept thread will continue accepting connections
even if there was a problem with the establishment of the underlying ssh-forwarding of a
previous incoming connection (e.g., one tried to establish a forwarding to a remote port that
is not in state open (yet)). Thanks to Claudio Nieder (Inodes, Switzerland) and
Daniel Ritz (Alcatel) for pointing this out.
Note: the interface for managing port forwardings needs to be further improved.
- Tried to implement a workaround for the Sun JVM bug 5092063. Changed InetAddress.getByAddress(byte[])
in the "TransportManager.parseIPv4Address" method (which already is a workaround for JDK's that
use the resolver for dotted IP addresses, independently from the 5092063 bug) to
InetAddress.getByAddress(String, byte[]). Thanks to Alain Philipin.
- Fixed a bug in KnownHosts.addHostkeyToFile. Hostnames were converted to lowercase which is
not good in case of hashed hostnames (it leads to a different BASE64 encoding and therefore
hashes won't match). Thanks to [unknown].
- Fixed a typo in the SCP client (tag for modification times is 'T' and not 'P').
Thanks to Andreas Sahlbach.
- Stupid performance enhancement in the Logger, it did unnecessary calls to System.currentTimeMillis().
- The LICENCE.txt file is now also included in the pre-compiled jar. Of course, redistributions in
binary form must *still* include the contents of LICENCE.txt in the documentation and/or other
materials provided with the distribution.
- Small cleanups in the TransportManager code.
build209, 2006-02-14:
- A major release, many new features. Thanks to all who supported me with feedback!
- Added remote port forwarding support.
Please consult the docs for Connection.requestRemotePortForwarding().
- Added X11 forwarding support. Please consult Session.requestX11Forwarding().
X11 support is based on joint work with Simon Hartl (simon.hartl (at) gmx.net). Thanks, Simon!
- The SCPClient constructor is now public. The factory method is still there (in the Connection
class), however, it will probably be marked as deprecated and eventually be removed in the future.
- Added startSubSystem() method to the Session class. Now it is possible to implement subsystems,
e.g., sftp, outside of the library.
- For advanced users: there is now a much better condition wait interface in the Session class.
It is now also possible to wait for the arrival of "exit-status" and "exit-signal".
The Session.waitUntilDataAvailable() method still works, but is marked as deprecated.
Users that used the beta version, please be aware of the following change: calling the close()
method on a Session object will immediatelly raise the ChannelCondition.CLOSED/EOF conditions
on the underlying channel - even though the remote side may not have yet responded with a
SSH_MSG_CHANNEL_CLOSE message (however, in the background the library still expects the server
to send the SSH_MSG_CHANNEL_CLOSE message). See below for an explanation.
- The behavior of Session.close() has changed. If you *kill* a Session (i.e., call Session.close()
before EOF (or CLOSE) has been sent by the remote side), then immediatelly EOF will (locally)
be raised for both stdout and stderr. Further incoming data (for that particular Session) will
be ignored. However, remote data that arrived before we sent our SSH_MSG_CHANNEL_CLOSE message
is still available (you can think of having appended the EOF marker to the end of the local
incoming stdout and stderr queues).
The reason to do this is simply because some SSH servers do sometimes not reply to our
SSH_MSG_CHANNEL_CLOSE message (event though they should). As a consequence, a local reader may
wait forever for the remote SSH_MSG_CHANNEL_EOF or SSH_MSG_CHANNEL_CLOSE messages to arrive.
If you are interested, then you can try to reproduce the problem: Execute something like
"tail -f /dev/null" (which should do nothing forever) and then concurrently close the Session
(enable debug mode to see the SSH packets on the wire) to check how standard compliant your server
implementation is). Thanks to Cristiano Sadun.
- The Session code does not anymore make use of the synchronized attribute for any of its methods.
This has the advantage that a call to Session.close() will never by blocked by concurrent
calls to the Session object. However, note that in the worst case the call may still block until
we can send our SSH_MSG_CHANNEL_CLOSE over the TCP connection.
- The SCP client can now also be used to directly inject the contents of a given byte array
into a remote file (thanks to Dieter Baier for suggesting this).
- Added support for specifying timeouts for connection establishment.
Thanks to Rob Hasselbaum and Ben XYZ.
- Performance improvement: we use only a single SecureRandom object per connection
(until now there were multiple instances).
- Fixed the Swingshell example program, it did not read in the known_hosts file on startup.
(thanks to Ashwani Kumar).
- There was a typo in the CBCMode class (srcoff was ignored), however since we always pass
a zero offset the bug did not show up (thanks to Alex Pakhomov).
- While implementing X11 support, found a strange X11 bug in OpenSSH (reported, openssh bug 1076).
12.10.2005: has been fixed for OpenSSH 4.3 by the OpenSSH crowd.
- Changed the SingleThreadStdoutStderr example so that it uses the new condition wait interface.
- Efficiently handle IPv4 addresses (when creating the underlying socket), there was a report
that some JDK's try to lookup dotted addresses with the resolver.
(thanks to Alexander Kitaev).
- Added setTCPNoDelay() method to the Connection class.
- Improved handling of unsupported global/channel requests received from the server.
- The KEX code is now more robust. Also, the ServerHostKeyVerifier callback (if specified) will be called
before doing any DH calculation.
- Major cleanup (i.e., rewrite) of the SSH channel code.
- Cleanup up Session class, removed unnecessary IOExceptions.
- Implemented 2^32-1 conformance for channel windows.
- I got several times questions by e-mail from people that have problems with "putty" keys.
Added an entry to the FAQ.
- Added an entry to the FAQ regarding how to handle servers with disabled password authentication
(thanks to Nicolas Raoul).
- Upcoming: SFTP support (in the meantime almost a running gag).
- Changed the name from "Ganymed SSH2" to "Ganymed SSH-2". Will this improve the G**gle ranking? =)
- Latest javadoc is now also online.
build208, 2005-08-24:
- Added support for RSA private keys (PEM format), also revised code for RSA signature verification.
- Extended support for encrypted PEM files.
Supported encryptions: DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC and AES-256-CBC.
- Added rather complete support for known_hosts files (in KnownHosts.java).
The parser is able to understand the same pseudo-regex (*,?,!) syntax as OpenSSH clients.
The class includes support for hostkey comparison as well as functionality to add accepted keys
to a known_hosts file. One can also create OpenSSH compatible fingerprints (Hex and Bubblebabble).
Hashed hostname entries are understood and can also be generated.
- Restructured the examples section, added more examples. The examples should cover most issues.
There is also a _very_ basic terminal emulator, see SwingShell.java.
- It is now possible to override the default server hostkey algorithm order (for the key exchange)
with the Connection.setServerHostKeyAlgorithms method. This makes sense in combination with
known_hosts support (e.g., if you already know the server's public ssh-dss key, then
you probably prefer the "ssh-dss" over the "ssh-rsa" algorithm).
The used server hostkey algorithm is now also reflected in ConnectionInfo.
- The default server hostkey algorithm order is now "ssh-rsa", "ssh-dss".
- Important: revised Input- and OutputStream code, everything is now unbuffered
(less memory consumption, more direct interface, see also StreamGobbler class and the FAQ).
- Added StreamGobbler helper class.
- Method verifyServerHostKey() in the ServerHostKeyVerifier may now throw exceptions
(an alternative to returning "false").
- All background threads (the per-connection receive thread as well as all threads
used in forwarders and StreamGobblers) now use setDaemon(true) on startup.
- Added "diffie-hellman-group14-sha1" support to the key exchange code.
- Added chained IOExceptions where applicable (IOException initialization with initCause()).
- Cleaned up packet building code, removed unnecessary server-side methods.
- Cleaned up javadoc of SCPClient: replaced umask with mode.
- Fixed a bug in the server identification string parser. This actually prevented a successful
key exchange with some ssh servers (the server's signature was rejected).
Thanks to Alex Molochnikov for the initial bug report and for helping in tracking down the issue.
- Fixed a buffer re-allocation bug in the beta version of the StreamGobbler class
(thanks to Marc Lijour).
- Fixed flawed UINT64 support (thanks to Bob Simons).
- Fixed a bug in the build script of the beta builds (sftp beta directory was not completely removed)
(thanks to Richard Hash).
- Use zero based padding for unencrypted traffic.
- Changed again the client identification string (the one presented to the server).
- Created a FAQ, available on the website and in the distribution.
- Revised javadoc comments. Also, the generated documentation is now located in the subdirectory
"javadoc" instead of "doc" (in the distribution).
- Added README.txt to the distribution.
build207, 2005-07-21:
- Added "Keyboard Interactive" authentication method:
authenticateWithKeyboardInteractive() in Connection.java,
also have a look at InteractiveCallback.java.
- Extended authentication interface in Connection.java (backwards compatible).
New functionality: getRemainingAuthMethods(), isAuthMethodAvailable(),
isAuthenticationComplete() and isAuthenticationPartialSuccess().
- Using an authentication method not supported by the server leads now to an exception
(instead of returning "false"). Use isAuthMethodAvailable() if you want to check
for the availability of an authentication method.
- Fixed a bug in SCPClient which sometimes lead to failed downloads.
- Improved channel window handling.
- Removed bogus (CVS) version string from Connection.java
- Changed client identification string to "Ganymed_buildXXX".
- Changed the jar file naming scheme (ganymed-ssh2-buildXXX.jar).
- Started adding logging support for debugging purposes (currently only for development).
- Cleanup of javadoc and comments at several places.
- Reversed order of entries in HISTORY.TXT
build206, 2005-07-04:
- Fixed small resource issue with SCP (thanks to Micha�l Giraud).
- Added LocalStreamForwarder.
- Added HISTORY.TXT
build205, 2005-06-27:
- Initial release.